Cisco Systems has fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.
The IOS improperly verifies user credentials within the FTP server, Cisco said in an advisory.
The flaws affect Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.
However, the IOS FTP server is an optional service disabled by default, Cisco noted. Devices that are not specifically configured to enable the IOS FTP server service are unaffected by the flaws.